Posted
by
timothy
on Tuesday July 15, 2008 @07:51AM
from the wait-'til-he-turns-off-the-earthquake-preventor dept.

ceswiedler writes "A disgruntled software engineer has hijacked San Francisco's new multimillion-dollar municipal computer system. When the Department of Technology tried to fire him, he disabled all administrative passwords other than his own. He was taken into custody but has so far refused to provide the password, and the department has yet to regain admin access on their own. They're worried that he or an associate might be able to destroy hundreds of thousands of sensitive documents, including emails, payroll information, and law enforcement documents."

You are being disingenuous at best. Are your roads in order, is the traffic calm and orderly? Do you have electricity in your home? Are you being raided by armed bandits? what about clean water, can you drink the water coming out of your faucet? What about the mail, is it being delivered?

Need I go on? You are suggesting local, state and federal government do nothing.

>You are being disingenuous at best. Are your roads in order, is the traffic calm and orderly? Do you have electricity in your home? Are you being raided by armed bandits? what about clean water, can you drink the water coming out of your faucet? What about the mail, is it being delivered?

Are you saying if he gives up the password the potholes will be fixed, the traffic will flow, the mail will be on time and the water from the tap won't stink anymore?

I don't understand how it's possible to be locked out of a system that you have direct local access to. You should at least be able to pop in a livecd and edit/etc/password from a livecd. If you need to decrypt stuff might as well start cracking the hash.. they certainly have the computing power to do it o_O

Are you sure it's a UNIX variant? I assumed it was big iron, and I am not sure those have cd-rom drive. What's more, if he choose a REALLY good password, brute force decrypt might take a *long* time...

I don't understand how it's possible to be locked out of a system that you have direct local access to. You should at least be able to pop in a livecd and edit/etc/password from a livecd.

That gets you into the operating system. Once you are there, what do you do?
SQL databases can/should use passwords.
Web servers can/should use passwords.
Payroll systems MUST use passwords, with all data encrypted.
The above (and others) are where the problem lies, and no single user reboot will fix this.

For what it's worth, the guy is a network engineer, I'm assuming these are switches and routers. You don't boot them off a CD. Resetting the password on some of these devices is made possible only by resetting the config. If nobody kept proper config backups, you would have a hard time reconfiguring the device from scratch.

I'm guessing either the entire file system is encrypted, or the problem is getting into an application that's running under the OS. Most times the OS isn't the final gakekeeper in high security; the application itself may run everything encrypted, and may very well have no easy way to restore access if a password is lost.

If they were using symmetric cryptography correctly, it could be virtually impossible to recover any of the information without first recovering the password.

Actually, this is the perfect way to test the strength of symmetric encryption algorithms. For those cryptographers with tin-foil hats (http://www.schneier.com/essay-198.html), seeing how long it will take for various three lettered agencies to recover the data will illuminate a previously dark room containing the question, "How safe is your data really?"
It seems to me that this guy is doing the whole cryptography community a favor.

Unless you know fully what he has done, you should not continue using it and assume that everything is working properly and will continue to work properly.

Typically corrupted data is worse than destroyed data.

At least when the data is gone, the problem is a lot more obvious.

Imagine if the payrolls have been tampered with (payroll files are mentioned in the article) rather than destroyed. And the law (and other) documents have had the word "not" randomly removed in 0.5% of the occurrences;), and a few numbers changed by a few percent.

Private as in privacy, no. But private as in private property? Yes. If they don't allow someone to gather their things before they leave they could be looking at serious legal troubles.

No, it's pretty common practice. They can directly escort you out of the building without your personal property and they have a reasonable amount of time to gather up your stuff and get it back to you.

Things like car keys, wallet, jacket, briefcase, etc. yes. They'll escort you to your desk to pick those up. But gathering your pictures, books, etc. Nope. They'll do it for you or have you come back at a later date.

He's a municipal employee. I don't know about San Francisco, but where I live, state or local government employee means union member, which in turn means he's very difficult to fire, except for the most egregious offenses. He's probably had an extensive disciplinary history to reach this point, which means he had ample time to see it coming and set this all up in advance.

My employer doesn't fire anyone... they just lay them off, with some amount of severance. That way the person has money and can get EI (Employment Insurance - we're in Canada and like to make unemployment seem nicer than it is), and is less likely to try to sue the company for wrongful dismissal or tell everyone about the shady things the company does.

The employee is usually taken to one of the front meeting rooms under the pretense of an "important staff meeting". As soon as they leave their desk, someone swoops in and piles everything not owned by the company into a box, and takes it to reception. The employee gets their dismissal meeting from their direct boss with someone from HR present, and then they're taken to reception, given their box of stuff, and told to GTFO.

Network Operations gets the call to reset the ex-employee's password so they can't get in through the VPN (have to keep their account so someone can answer their email, etc), and work goes on.

The last thing the ex-employee gets to see on the way out is the hot receptionist. Could be worse.

Sorry for posting anonymously, but I don't feel like getting laid off if someone from work happens to recognize my username.

It's just not that easy for a sysadmin, especially a major one. For myself, I've got passwords, SSH-keys, and many other access points everywhere in my company. It's not because I want to screw with them, but because they tend to call me at all sorts of different times and I never know if I'll need secure access to the server.

So, routing rules from home. Public SSH keys on various border-servers with my USB-drive having the private keys, etc. They're all used for doing my job, and if I'm fired (not sure why I would be though) I'll just move on to the next one without tainting my career and doing something stupid to burn bridges. However, I could see a *bad* sysadmin using these same tools and more to entrench himself so deeply that you'd almost have to rebuild the entire infrastructure from scratch to find all the back-doors.

If this guy was a real dick (but a clever+smart one), knew it, knew he was going to be canned, and prepared for it... then how are you going to know that your authentication methods, your binaries, or even your kernels haven't been messed with in some way? MD5 sums only go so far when you have hundreds of systems tied together.

I've seen this sort of problem...it's really deadly. If you have somebody who has the keys to the entire computer system, is fully willing to snoop into people's personal data, and also is willing to really do some nasty things, you're in a bad situation. If you're going to fire him, do it fast and without warning...he absolutely can't know it's coming. With someone like that, you can't even discuss the issue via email with any other colleagues (i.e., he's probably reading your emails quite regularly).

If he has any time to stew about things, then odds are he'll setup a variety of back-doors or other ways he can royally mess things up. In the situation I've seen, the boss knew the sysadmin was screwing around...though there was no hard proof, the sysadmin also knew that he was essentially caught. But in his position, he basically had the office by the balls. It's a stalemate...unless you're willing to dump the guy and completely sanitize/overhaul anything he's touched on the network. And of course, who knows how much personal data he's copied off-site in the meantime.

Yes, but that involves a perilous trip through the cavernous sub-basement to some rarely touched master reboot switch, and while the system is restarting all the perimeter fences will be de-electrified and the motion sensors inactive. In movies, this situation inevitably leads to lots of screaming and mayhem.

I used to work for the State (a very small state) and some dipshit "Security Director" over at the Department of Administration (all our Internet traffic went through there) decided that he didn't like all this traffic coming from my PC to an IP address that matched a "corporate domain name" (it was my own domain, and I'd login to my own webmail.) Basically this guy was (is) paid $150K a year, and all he does is install appliances and watch logs to try and catch people surfing the wrong web pages (he used to be a cop.)

He tried to fire me for "running a business from my desk" which of course I wasn't doing..

Anyways, he sent someone down to my office and they took my PC. Vista x86.

So they couldn't figure out how to login to the machine. The so-called security expert couldn't even create a boot disk or anything to get access. It's not like it was a crazy machine, it was a Dell Precision machine with a SATA RAID card. All they had to do was download the drivers from Dell and make a BartPE or something.

They basically told me that if I didn't give them my password I was fired. I absolutely REFUSED. Never do you ever need to have someone give you their password. A so-called security expert should know this.

So eventually I drove over there, typed in my password for them, and drove back to my office. They didn't find anything, obviously, and I got the machine back completely wiped two weeks later.

So yes, they are DEFINITELY INCOMPETENT! All IT management in state/government agencies are, and most of the people working for them as well. You move up in the government simply by not being fired and putting in more years than the next guy.

They basically told me that if I didn't give them my password I was fired. I absolutely REFUSED. Never do you ever need to have someone give you their password. A so-called security expert should know this.

So eventually I drove over there, typed in my password for them, and drove back to my office. They didn't find anything, obviously, and I got the machine back completely wiped two weeks later.

What you should have done was give them some random string of gibberish (write it down and keep it yourself so you can repeat the same exact string when asked again). They still won't be able to get in. Finally, when you have to go over there and help them, pull out that little piece of paper and type that random gibberish in again. When you also get access denied, repeat a few times more slowly. Then finally turn around and look at the idiots and say "You broke it!".

Except a lot of times someone is fired they know that's it's coming. It's possible this guy had set this all up in the case he got fired, and then we he saw it was going to happen he put it into motion. Article even says they tried to fire him before and he created his super password as a security device to keep his job. Now I'm sure the real irony here is that if this guy probably actually did his job instead of all this mess he probably wouldn't have been fired. I mean, this is a guy that's going to be looking at pretty serious jail time, and probably a severe restriction on his rights when he gets out. I like my job, but not enough to do something that's going to land me in the pokey.

Firing someone for poor performance (as opposed to firing someone for a single unacceptable action) takes time....and MUCH coordination...at least everywhere that I have worked.

In a decently managed environment, the employee knows in advance that his management views his/her performance as unacceptable since the manager has discussed it with the employee and laid out a plan for improvement. Even an average employee could see the writing on the wall weeks/months in advance...but this individual was also using his administrative access to monitor related email messages.

If his group comprised even a moderately-sized MIS group, you could pull his admin responsibilities and transfer him to a role with lesser rights during the period of performance review and monitoring...but this individual was most likely hired to do this very specific job...and there may not have been another position in to which he could transition naturally...even temporarily.

My question - where are the backup tapes? Pull the tapes from a date prior to his manipulation of the system. Presumably, it should not be that long ago if they were ensuring that at least one other admin had routine access to the system. In such a case, they should have known within 24 hours that he had done something. If, on the other hand, he was a one man show, then I think that they are screwed until he gives up his password...which he will. Mark my word.

"Childs has worked for the city for about five years. One official with knowledge of the case said he had been disciplined on the job in recent months for poor performance and that his supervisors had tried to fire him."

How the hell do you "Try to fire" someone.. either you do it or you don't.

(And please.. no Yoda BS. If you go back and look at when Yoda was first introduced as a character he didn't do that cutesy backwards sentence construction. That came later. So I put it in the realm of Jar Jar - obnoxious character development)

Especially when it makes a crime a Felony. That is one of the four felonies charged to him. The other three are all related to tampering with a computer network.

While this guy is obviously an idiot for thinking he could blackmail a government entity I am quite pleased the security on the system is sufficient to make it hard to get into when strong security is put into place. In other words, nothing annoys me more than so called secured systems having some means of password decryption, let alone the ones that allow admins to see them plain text.

what is going to interest me is how many years they will attempt to land on him. Just how offensive to society is this type of crime versus murder or rape. It seems that every new crime invented by the government gets stronger penalties than existing ones; if only to make it appear more valid. After all the penalty wouldn't be so severe if it were not really a crime now would it?

he will probably get a sentence more than a rapist but less than a murderer. The state considers screwing with it the highest crime, far more so than the plebs killing each other, but there is a limit to what they can get away with if they want a quiet life.

You're quick to play the fear card, aren't you? Even considered a position in the Bush administration?

You can't use 'what ifs' to try and pin a more serious crime on someone. Its tyrannical, because essentially your 'what ifs' are subjective and thus you are using your own opinions to override the law.

Large municipal department of technology seeking software engineer for a multimillion-dollar computer system. At least 5 years of previous experience required. Must be able to gain administrative access to a system where the password is not known. Hiring immediately!

If they (the technology department) were smart, they would make it a practical interview. Ask the interviewee if they can gain administrative access to the system. If they say yes, let them try. If they can't do it, you thank them, but let them know that they aren't qualified for the position. If they *can* gain access, you thank them, and let them know that the position is no longer required.~

"At a news conference announcing Childs' arrest, District Attorney Kamala Harris was tightlipped about what his motive may have been."

I think there's more going on here than we're being told.

You have to understand the nepotism and corruption that runs SF. The DA is purportedly Willie Brown's ex-girlfriend. She probably hasn't been told what to say yet because her handlers have been locked out of their computers. They have to cover up the corruption that contributed to this (or was merely exposed) first, then they'll decide what he did and throw the book at him.

That director over there, he gets a golden handshake as he goes out the door... You want to keep him sweet because he knows where all your dirty secrets are and could cause all sorts of trouble for your operation.

The sysadmin, youre going to kick out the door becuase hes blue colar... Oh, wait a minute... He really does know where all your dirty secrets are and really can bring your operation to its knees. In fact hes far more dangerous going out the door than the exec... pity you didnt think of that.

Execs are heaved out the door all the time for being incompetent, but its done with kid gloves because theyre deemed to be potentially damaging... And they wear a suit.

Word of advice: if youre sacking somebody who can bring your operation to a grinding halt, make sure you you keep them sweet, regardless of the job they do for your organisation. Its simple business.

Pfft. That's irrelevant if you've got physical access. You'd either pull the drive in question and attach to another operational machine, then change/etc/shadow, or you boot from a LiveCD and do the same.

I'd assume there are other layers of security, though (poss. including encryption), and TFA doesn't say what operating system it runs on.

Poor soul. All pissy over a job that pays 150K/yr? This guy lacks perspective, huge. If incarceration and bankruptcy don't help him figure things out - perhaps a stint delivering pizza or a cardboard sign at the offramp.

None of us know all the facts of the situation, but I think it's pretty obvious that this guy was just trying to maintain his livelyhood through a misguided attempt at job security. If we had an IT Union looking out for our careers that gave us some sort of protection against the arbitrary whims of upper-management, then maybe this wouldn't have happened.

As for the idea that the guy might have shared his password with some unscrupulous feind... how many of you, had you actually been given admin access to SAN FRANSISCO would really share that password with anyone? Drastic, misguided, sure... but stupid? Come on, there had to be a reason he got the job in the first place.

Seems kind of funny that the article reports the DA is "tightlipped" about his motive. Makes me wonder if he is 'disgruntled' for a reason that would embarrass the agency if it got out.

Also pretty funny that they go into great detail about his salary, which seems kind of low to me for the area or at least average. Sounds like they are trying to make him seem unsympathetic in the public eye.

I used to work at a bank. I was the "cash control teller" which means that I counted every single cash shipment into and out of the bank branch. Sometimes 1/2 million dollars.

You know what? It isn't worth it. It isn't enough to live a good life on. If you get caught, the benefits do not out weight the risks.

The same thing with this sort of hack. The guy screwed himself. He's ruined and will serve time in prison. "Everyone" (with any skills) knows you can get into any system you can physically touch.

What is he going to get for his trouble? Will they pay him off and set him free? HA! no way. The worst that will happen is that they'll employ someone's 12 year old nephew to crack the system. Pay him off with a couple XBox games or a new PS3.

As an employee of an institution of higher education, I have few very basic expectations. Chief among these is that my direct superiors have an intellect that ranges above the common ground squirrel. After your consistent and annoying harassment of my co-workers and me during our commission of duties, I can only surmise that you are one of the few true genetic wastes of our time.

Asking me, a network administrator, to explain every nuance of everything I do each time you happen to stroll into my office is not only a waste of time, but also a waste of precious oxygen. I was hired because I know how to network computer systems, and you were apparently hired to provide amusement to your employees, who watch you vainly attempt to understand the concept of "cut and paste" as it is explained to you for the hundredth time.

You will never understand computers. Something as incredibly simple as binary still gives you too many options. You will also never understand why people hate you, but I am going to try and explain it to you, even though I am sure this will be just as effective as telling you what an IP is. Your shiny new iMac has more personality than you ever will.

You wander around the building all day, shiftlessly seeking fault in others. You have a sharp dressed, useless look about you that may have worked for your interview, but now that you actually have responsibility, you pawn it off on overworked staff, hoping their talent will cover for your glaring ineptitude. In a world of managerial evolution, you are the blue-green algae that everyone else eats and laughs at. Managers like you are a sad proof of the Dilbert principle.

Seeing as this situation is unlikely to change without you getting a full frontal lobotomy reversal, I am forced to tender my resignation; however, I have a few parting thoughts:

When someone calls you in reference to employment, it is illegal for you to give me a bad recommendation as I have consistently performed my duties and even more. The most you can say to hurt me is, "I prefer not to comment." To keep you honest, I will have friends randomly call you over the next couple of years, because I know you would be unable to do it on your own.

I have all the passwords to every account on the system and I know every password you have used for the last five years. If you decide to get cute, I will publish your "Favorites," which I conveniently saved when you made me "back up" your useless files. I do believe that terms like "Lolita" are not viewed favorably by the university administrations.

When you borrowed the digital camera to "take pictures of your mother's b-day," you neglected to mention that you were going to take nude pictures of yourself in the mirror. Then, like the techno-moron you are, you forgot to erase them. Suffice it to say, I have never seen such odd acts with a ketchup bottle. I assure you that those photos are being kept in safe places pending your authoring of a glowing letter of recommendation. (And, for once, would you please try to use spellcheck? I hate correcting your mistakes.)

I expect the letter of recommendation on my desk by 8:00 am tomorrow. One word of this to anybody and all of your twisted little repugnant obsessions will become public knowledge. Never f*ck with your systems administrator, Mr. Baker! They know what you do with all that free time!

I've been in a position to do this (I was still rooted from home in three systems, and though they changed the passwords, they didn't kick active sessions) and all I did was change the MOTD to "When firing a user with root access, make sure to abort existing sessions."

Professionalism is key if you expect to be trusted with access to big sexy systems.

My temptation was excessively high. I got the shaft for no good reason, and I was told that either I'd resign or they'd sue me for some kind of breach of contract: they didn't want to have to pay my unemployment, so they made this threat...I can't even remember what it was about now, but I do remember that the PHB...

Oh wait, I remember, it was an Arcview [esri.com] application that had never gotten completed because the demographic data was hung up at the state level, and he kept calling it Arcserve [ca.com]. So yea, I'm sitting there listening to this fat idiot with the bad hairpiece threatening me with a breach of contract dealing with a Windows backup program which we didn't even sell.

What a moron.

Anyway the "contract" was a complete handshake agreement, no paper work, no actual project specs, nothing, and the ball was in the clients court anyway, and in my opinion, they had no real interest in it in the first place. Basically he was trying to force me out to isolate one of the partners (my actual boss), and he was a real asshole about it.

So I had a moment, when I realized I had basically unlimited access, where I was tempted. I'm not a fuckup like the guy in San Fran either; I could have set shit in motion that would never have been caught, and I knew the state their backups were in.

But I'm a professional, and while I never would have been caught, I wouldn't have felt like I could be trusted with the big systems, wouldn't have been able to sit in an interview and say that my personal integrity matters more to me than just about anything.

Talking of what people want to do to their employer... There was this large semi state-owned telecomms company (and a much-hated monopoly for very long in our dear country) that I contracted at. This happened after I moved to another job, but I still had contact with a lot of ex-coworkers. Allegedly a middle management type was sacked, and a few days afterwards he came in again (no idea how he got past various access controls) to (literally) make a stink: he had several shopping bags containing excrement (human, apparently, though it probably was not all his own), which he managed to smear across his own as well as his ex-boss' desk and office wall before being apprehended. Now the office building was one of these modern new agey glass and concrete monstrosities and consisted of 4 floors of open plan desks, with a large opening down the center the same shape and size as the huge lobby and indoor garden on the ground floor - thus no way to contain the "spill".

Apparently, this is one of the more widespread fantasies employees at that place have.

I didn't actually intend to. This was about 15 years ago. I got hired to take care of payroll at a warehouse, which was a completely paper-based process. I suggested that I could transfer the whole operation onto a computer and be more efficient. They said go ahead, but for security be sure to password protect it.

It ended up taking me only a couple of hours to do what had been an all-day job, and naively I told them this and suggested that there were other areas of operation in the plant I could similarly improve. Instead, the next day they canned me - they wouldn't say why, only "It just isn't working out."

The day after that I was glumly poking through the classifieds when I got the call

This isn't nearly the worst I've heard of though. The worst was a guy who locked all accounts, deleted files, and placed a high strength magnet in the tape drive so when they went to restore they screwed up the backups. That company went out of business AFAIK and the loser involved served jail time and worked for the rest of his life to try to repay the owner.

Why the hate towards the public sector? I have found the exact same shit going on in private companies, many of them quite successful.

That's because the anglo-saxon culture has a visceral hatred of everything that comes from the State. Anglo-saxons find that the State is the embodiment of evil, that it cannot do anything good and they will always try to gut it to it's simplest expression.

This dates back to 1215 when weak king John (Jean d'Angleterre [wikipedia.org]) got bullied by his barons and signed the magna carta [wikipedia.org] which essentially robbed him of most of his power. Thus started the notion that people other than the king could earn more power to the point of rivalling the State.

At the beginning, this was restricted to nobility, but when the industrial revolution saw the bourgeois rise to unprecedented wealth, to the point of even eclipsing the State's, the bourgeois managed to totally subvert the State and effectively gut it to an almost nonexistent value during victorian times.

Such distrust of the State is not found amongst other cultures. For example, the French have no problem with an overbearing State that nitpickingly regulates every aspect of their life, but since their culture will not demean the State, working for the State is not viewed as something bad, and the State will have no problem in recruiting competent people which will insure that whatever action the State takes, it will be done competently. Witness, for example, the network of high-speed trains ran by the French State Railroad, all developped by the State-Owned railroad. The same comment can be made about the extensive network of french nuclear power plant, all operated by a State agency, and exporting power to the rest of Europe.

A reputation, based on people with a serious ideological axe to grind. Blind faith in the market producing magical efficiency gains is contrary to everything I have seen during my professional life, both in the public and private sector. From my perspective, I have never seen one bit of evidence to show there is any truth to it outside the imaginations of Tory politicians.

Furthermore, people like you who are so besotted with 'market forces' did attempt to introduce them to public services in the UK, and it has been an unmitigated disaster. The inability of internal prices to truly reflect the quality of services has resulted in huge waste, massive bureaucracy and a decline of standards. Now, the ideologues are at it again trying to push for a new round of 'targets' in the NHS. They never learn.

In the scenario you descibre, the streets would become choked with dirty, unsafe buses and traffic would grind to a halt. This, in fact, happens.

Like so many market fundamentalists, you just can't see how easily your ideology falls flat on its face in the real world, or you would've seen the flaw in your own argument.

You are essentially laying all inefficiency at the feet of the 'state' - i.e. any actor that isn't an entrepreneur - and then using that as 'proof' that the entrepreneur is more efficient. This is what people smarter than you refer to as 'circular logic'.

Perhaps, when you've grown up, experienced the real world a bit and stopped reading Ayn Rands bullshit, you might get a clue.

Then why do colleges produce innovations? How do colleges get teaching done (my university certainly manages)? Taking longer to do a task isn't necessarily a sign of laziness - it can be a sign of thoroughness. This is why the private sector notoriously fails at big projects such as infrastructure and space travel. Market forces breed the patience of a 5 year old with ADHD. If you can't do something RIGHT NOW they will find someone who can - or at least *claims* they can.

If you need a recognized code of ethics to tell you that sabotaging your ex-employer's system isn't right, then no code of ethics can help you. Unfortunately this guy screws it up for all of the honest techs who work hard to earn the trust which they need for doing their jobs.

If you need a recognized code of ethics to tell you that sabotaging your ex-employer's system isn't right, then no code of ethics can help you.

Integrity and reputation is typically more profitable than malice and destruction.

I've been in the business a few years, and as you get older, you acquire positions of trust. You have too, you can't be "starting out" your whole career. This sort of behavior is a deal breaker. No one will hire him.

When laid off or fired. Collect your stuff, shake hands with your boss, tell them what is left to be completed, politely and with insight, try to be constructive with any discussions on the exit interview. Even a complete moron will leave a better impression than the greatest genius.

Once out, have a beer or two. Calm down. If you'r any good at all, when they are picking up the pieces of the layoff, they'll remember you attitude and professionalism and probably pay you contractor wages to do stuff while you collect unemployment and look for a new job.

By using the fact that they still have physical access? Resetting his password, or re-enabling other admin accounts is trivial if you can boot the target server with a recovery disk or something along those lines.

In this case, it isn't even anything sinister. Basically they get a court order compelling him to give up the password. If he refuses, he's in contempt of court and they'll lock him up until he does. If that's for the rest of his life, well then that's how it goes. He has no grounds at all to challenge such an order so any appeals will get shot down.

Basically they can just keep him in jail until he decides to give up the password. Most likely, this wont' be long at all. Sounds like this guy isn't a hardened criminal, just an asshole with an over inflated sense of self importance. I'm guessing after a few days he'll realise how much this sucks, and his lawyer will explain that he is in fact just going to sit here until he gives it up, and that the ultimate sentence he'll get will only get worse the longer he stonewalls.

Been around since the time of Juvenal's Satires (which would be the third or fourth century AD, I think, unless someone wants to look it up and correct me).

Quis custodiet ipsos custodes? Translation: who guards the guards?

Think for a moment. If you are a senior IT administrator or a senior programmer, unless you're in a very rigorous environment, your actions are most likely not subject to peer review. No-one has time. Right?

How many times do we see the argument "it's open source, anyone can read the code" immediately presented with "but who does"? Now consider that there are millions of people using Linux who potentially could read the code and who are likely working with it because they have a personal passion; but a handful of people who potentially could review your work, but are unlikely to have any deep yearning to do so because, well, they've got their own work to do.

In this kind of situation, you either have to have a mandated peer review regime (time consuming and expensive) or an independent audit (ditto). Both of these are, for reasons of practicality, likely to hit only subsections of what needs to be reviewed.

It's a trust thing. If you can trust your admins. And if you can't...well, who admins the admins?

Get fucked, asshole. The last thing this country needs is for butthurt pussies to define another ordinary crime as "terrorism" because they think a particular perp should be punished more "as an example" or because they're afraid.

This is not terrorism. It's an act of sabotage by one individual (who should undergo a psych eval) who should be prosecuted to the extent of the law, and to a lesser extent it's a failure of leadership for his bosses.

modern computer systems have a single point of control or power, the superuser. most admins need that access to do their job, but through that account they can do exactly this, disable all other accounts and change the superuser password. It can be circumvented (usually) with physical access, but it sort of comes down to the fact that someone in a position of trust can abuse it and do a lot of damage. I'm not sure how 'checks and balances' would have prevented it except maybe to not hire nutjobs.

This guy is the reason the rest of us have to deal with such draconian security measures around the office place. He has made life worse for everyone he works with and everyone whose CEO reads about this in the newspaper.